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1 Cryptog ra phy as an operating system service: A case study 

Angelos D. Keromytls, Jason L. Wright, Theo De Raadt, Matthew Burnside 
February 2006 ACM Transactions on Computer Systems (TOCS), volume 24 issue i 

Publisher: ACM Press 

Full text available: Q pdf(669.12 KB) Additional Information: full citation , abstract , references , index terms 

Cryptographic transformations are a fundamental building block in many security 
applications and protocols. To improve performance, several vendors market hardware 
accelerator cards. However, until now no operating system provided a mechanism that 
allowed both uniform and efficient use of this new type of resource. We present the 
OpenBSD Cryptographic Framework (OCF), a service vlrtualization layer Implemented 
inside the operating system kernel, that provides uniform access to accelerator functio , 



Keywords: Encryption, authentication, cryptographic protocols, digital signatures, hash 
functions 



GPGPU: general p ur pose computation on g ra phics hardware 
David Luebke, Mark Harris, Jens Kriiger, Tim Purcell, Naga Govlndaraju, Ian Buck, Cliff 
Woolley, Aaron Lefohn 
August 2004 ACM SIGGRAPH 2004 Course Notes SIGGRAPH '04 

Publisher: ACM Press 

Full text available: Q Pdtt63.03 MB) Additional Information: full citation , abstract , citings 

The graphics processor (GPU) on today's commodity video cards has evolved into an 
extremely powerful and flexible processor. The latest graphics architectures provide 
tremendous memory bandwidth and computational horsepower, with fully programmable 
vertex and pixel processing units that support vector operations up to full IEEE floating 
point precision/High level languages have emerged for graphics hardware, making this 
computational power accessible. Architecturally, GPUs are highly parallel s ... 
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William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. 
^ Keromytis, Omer Relngold 

May 2004 ACM Transactions on Information and System Security (TISSEC), volume i 
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Publisher: ACM Press 

Full text available* Additional Information: full citation , abstract , references , citings , index 
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We describe Just Fast Keying (JFK), a new key-exchange protocol, primarily designed for 
use in the IP security architecture. It is simple, efficient, and secure; we sketch a proof of 
the latter property. JFK also has a number of novel engineering parameters that permit a 
variety of tradeoffs, most notably the ability to balance the need- for perfect forward 
secrecy against susceptibility to denial-of-service attacks. 

Keywords: Cryptography, denial-of-service attacks 



4 Architectural Su p port for High Speed Protection of Memory Integ rit y and j 
Confidentiality in Multiprocessor Systems 

Weldong Shi, Hsien-Hsin S. Lee, Mrinmoy Ghosh, Chenghuai Lu 

September 2004 Proceedings of the 13th International Conference on Parallel 

Architectures and Compilation Techniques PACT '04 
Publisher: IEEE Computer Society 

Full text available: Q pdf(255. 33 KB) Additional Information: full citation , abstract 

Recently there Is a growing effort in both the architecture and the security community to 
create a hardware solution for authenticating system memory.As shown in the previous 
work, hardware-based memory authentication will become a vital component for creating 
future trusted computing environments and digital rights protection. Almost all these prior 
work have focused on authenticating memory exclusively owned by a single processing 
element. However, In today's computing platforms, memory Is often ... 

5 Cryptograph y and data securit y J 
Dorothy Elizabeth Robling Denning 

January 1982 Book 

Publisher: Addison-Wesley Longman Publishing Co., Inc. 

Full text available: « pdfUMTMB} AdditionaI lnformati ™ M citation, abstract, references , dtings, index 

terms 

From the Preface (See Front Matter for full Preface) 

Electronic computers have evolved from exiguous experimental enterprises in the 1940s to 
prolific practical data processing systems in the 1980s. As we have come to rely on these 
systems to process and store data, we have also come to wonder about their ability to 
protect valuable data. 

Data security is the science and study of methods of protecting data in computer and 
communication systems from unauthorized disclosure ... 

6 A survey on peer-to-peer key management for mobile ad hoc networks j 
Johann Van Der Merwe, Dawoud.Dawoud, Stephen McDonald 
April 2007 ACM Computing Surveys (CSUR), volume 39 issue l 

Publisher: ACM Press 

Full text available: *Qpdf (872.71 KB) Additional Information: full citation , abstract , references , index terms 

The article reviews the most popular peer-to-peer key management protocols for mobile 
ad hoc networks (MANETs). The protocols are subdivided into groups based on their design 
strategy or main characteristic. The article discusses and. provides comments on the 
strategy of each group separately. The discussions give insight into open research 
problems In the area of pairwise key management. 
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7 Key management for encrypted broadcast | 
Avlshal Wool 

May 2000 ACM Transactions on Information and System Security (TISSEC), volume 3 

Issue 2 
Publisher: ACM Press 

Full text available: ^ pdf(220.36 KB) Additional Information: full citation , abstract , references , index terms 

We. consider broadcast applications where the transmissions need to be encrypted, such as 
direct broadcast digital TV networks or Internet multicast. In these applications the 
number of encrypted TV programs may be very large, but the secure memory capacity at 
the set-top terminals (STT) is severely limited due to the need to withstand pirate attacks 
and hardware tampering. Despite this, we would like to allow the service provider to offer 
different packages of programs to the users. A user ... 

Keywords: conditional access, pay-per-view 



8 Pa pers: Context-aaile encryption for high speed communication networks 
Lyndon G. Pierson, Edward L. Witzke, Mark O. Bean, Gerry J. Trombley 
January 1999 ACM SXGCOMM Computer Communication Review, volume 29 issue l 

Publisher: ACM Press 

Full text available: |0) pdf(1.43 MB) Additional Information: full citation , abstract , references 

Different applications have different security requirements for data privacy, data integrity, 
and authentication. Encryption Is one technique that addresses these requirements. 
Encryption hardware, designed for use in high-speed communications networks, can 
satisfy a wide variety of security requirements if the hardware implementation is key- 
agile, key length-agile, mode-agile, and algorithm-agile. Hence, context-agile encryption 
provides enhanced solutions to the secrecy, interoperability, and ... 




9 Ke y management for encrypted broadcast 
Avishai Wool 

November 1998 Proceedings of the 5th ACM conference on Computer and 

communications security CCS '98 
Publisher: ACM Press 

Full text available: Qpdf (1.18MB ) Additional Information: full citation, referen c es , citings, index terms 




10 Public-key crypto g raph y and password protocols 
ygv Shai Halevi, Hugo Krawczyk 

^ August 1999 ACM Transactions on Information and System Security (TISSEC), volume 2 

Issue 3 
Publisher: ACM Press 

Full text available: ffi pdf(275.84 KB) Additional Information: full citation , ahOifiL reference? , citings, index 

ter ms , review 

We study protocols for strong authentication and key exchange In asymmetric scenarios 
where the authentication server possesses ~a pair of private and public keys while the 
client has only a weak human-memorizable password as its authentication key. We 
present and analyze several simple password authentication protocols in this scenario, and 
show that the security of these protocols can be formally proven based on standard 
cryptographic assumptions. Remarkably, our analysis shows optimal re ... 
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11 Nark: receiver-based multicast non-repudiation and key management 
Bob Briscoe, Ian Fairman 

November 1999 Proceedings of the 1st ACM conference on Electronic commerce EC 
•99 

Publisher: ACM Press 

Full text available: ^ pdf(168.86 KB) Additional Information: full citation , references , citings , index terms 

Keywords: Internet, audit trail, key management, multicast, non-repudiation, smartcard, 
watermark 



12 Key management and key e xchange: Efficient DoS-resistant. secure kev exchange 
^ for internet protocols 

^ William Aiello, Steven M. Bellovin, Matt Blaze, John Ioannidls, Omer Reingold, Ran Canetti, 
Angelos D. Keromytis 

November 2002 Proceedings of the 9th ACM conference on Computer and 

communications security CCS '02 
Publisher: ACM Press 

Full text available* |§ pdffl 18 52 KB) Additional Information: full citation , abstract , references , citing s, index 

We describe JFK, a new key exchange protocol, primarily designed for use in the IP 
Security Architecture. It is simple, efficient, and secure; we sketch a proof of the latter 
property. JFK also has a number of novel engineering parameters that permit a variety of 
trade-offs, most notably the ability to balance the need for perfect forward secrecy against 
susceptibility to denlal-of-service attacks. 

Keywords: cryptography, denial of service attacks 



13 Level set and PDE methods for computer graphics 

^ David Breen, Ron Fedkiw, Ken Museth, Stanley Osher, Gulllermo Saplro, Ross Whitaker 
v 7 August 2004 ACM SIGGRAPH 2004 Course Notes SIGGRAPH '04 

Publisher: ACM Press 

Full text available: ^j| odf(17.07 MB) Additional Information: full citation , abstract , citings 

Level set methods, an important class of partial differential equation (PDE) methods, 
define dynamic surfaces Implicitly as the level set (Iso-surface) of a sampled, evolving nD 
function. The course begins with preparatory material that introduces the concept of using 
partial differential equations to solve problems In computer graphics, geometric modeling 
and computer vision. This will include the structure and behavior of several different types 
of differential equations, e.g. the level set eq ... 

14 Improving key predistribution with deployment knowledge in static sensor networks 
Donggang Uu, Peng Nlng 

November 2005 ACM Transactions on Sensor Networks (TOSN), volume l issue 2 
Publisher: ACM Press 

Full text available: |5) odf(639.52 KB) Additional Information: full citation , abstract , references, index terms 

Pairwise key establishment is a fundamental security service for sensor networks. 
However, establishing pairwise keys In sensor networks Is a challenging problem, 
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particularly due to the resource constraints on sensor nodes and the threat of node 
compromises. This article proposes to use both predeployment and postdeployment 
knowledge to Improve pairwlse key predistribution In static sensor networks. By exploiting 
the predeployment knowledge, this article first develops two key predistrib ... 

Keywords: Sensor networks, key management, key predistribution 



15 A key-chain-based keying scheme for many-to-many secure group communication j| 
^ Dijlang Huang, Deep Medhi 

V November 2004 ACM Transactions on Information and System Security (TISSEC), 

Volume 7 Issue 4 
Publisher: ACM Press 

Full text available: Q pdf(311.81 KB) Additional Information: full citation , abstract , references, index terms 

We propose a novel secure group keying scheme using hash chain for many-to-many 
secure group communication. This scheme requires a key predistribution center to 
generate multiple hash chains and allocates exactly one hash value from each chain to a 
group member. A group member can use its allocated hash values (secrets) to generate 
group and subgroup keys. Key distribution can be offline or online via the key distribution 
protocol. Once keys are distributed, this scheme enab ... 

Keywords: Hash chain, key chain, many-to-many secure group communication, secure 
group communication 



Ap plications and compliance: Virtual monotonic counters and count-limited objects ||j 
using a TPM without a trusted OS 

Luis F. G. Sarmenta, Marten van Dijk, Charles W. O'Donnell, Jonathan Rhodes, Srlnivas 
Devadas 

November 2006 Proceedings of the first ACM workshop on Scalable trusted computing 

STC '06 
Publisher: ACM Press 

Full text available: Q pdft447.59 KB) Additional Information: full citation, abstract, reference?, index terms 

A trusted monotonic counter is a valuable primitive that enables a wide variety of highly 
scalable offline and decentralized applications that would otherwise be prone to replay 
attacks, including offline payment, e-wallets, virtual trusted storage, and digital rights 
management (DRM). In this paper, we show how one can implement a very large number 
of virtual monotonic counters on an untrusted machine with a Trusted Platform Module 
(TPM) or similar device, without relying on a trusted OS ... 

Keywords: certified execution, e- wallet memory integrity checking, key delegation, 
stored-value, trusted storage 



17 Mobile Code and Distributed Systems: The performance of public key-enabled 
<^ kerberos authentication in mobile computing applications 
^ Alan Harbitter, Daniel A. Menasc6 

November 2001 Proceedings of the 8th ACM conference on Computer and 
Communications Security CCS '01 

Publisher: ACM Press 

Full text available* fiQpdf (419.31 KB) Additional Information: full citation, abstract, rgfrrences, c iting s, index 
' ^ ' terms 

Authenticating mobile computing users can require a significant amount of processing and 
communications resources-partlcularly when protocols based on public key encryption are 
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invoked. These resource requirements can result in unacceptable response times for the 
user. In this paper, we analyze adaptations of the public key-enabled Kerberos network 
authentication protocol to a mobile platform by measuring the service time of a "skeleton" 
Implementation and constructing a closed queuing network m ... 

Keywords: authentication, kerberos, mobile computing, performance modeling, proxy 
servers, public key cryptography 



18 Wireless application drivers for low-power systems: Reducing radio energy 
^ consumption of key management protocols for wireless sensor networks 
^ Bo-Cheng Charles Lai, David D. Hwang, Sungha Pete Kim, Ingrid Verbauwhede 

August 2004 Proceedings of the 2004 international symposium on Low power 
electronics and design ISLPED '04 

Publisher: ACM Press 

Full text available: ^ pdf(10271 KB) Additional Information: full citation , abstract , references , index terms 

The security of sensor networks is a challenging area. Key management Is one of the 
crucial parts In constructing the security among sensor nodes. However, key management 
protocols require a great deal of energy consumption, particularly in the transmission of 
initial key negotiation messages. In this paper, we examine three previously published 
sensor network security schemes: SPINS and C&R for master-key-based schemes, and 
Eschenhaur-Gligor (EG) for distributed-key-based schemes. We then prese ... 

Keywords: key management protocol, sensor network 
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Antonio Durante, Riccardo Focardl, Roberto Gorrlerl 

October 2000 ACM Transactions on Software Engineering and Methodology (TOSEM), 

Volume 9 Issue 4 
Publisher: ACM Press 



Full text available' *B odf(291 90 KB) Additjonal Information: full citatio n, afrstrag references , citings, index 
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The Security Process Algebra (SPA) Is a CCS-IIke specification languag e where actions 
belong to two different levels of confidentiality. It has been used to define several 
noninterference-like security properties whose verification has been automated by the tool 
CoSeC. In recent years, a method for analyzing security protocols using SPA and CoSeC 
has been developed. Even If it has been useful in analyzing small security protocols, this 
method has shown to be error-prone, as It requires the ... 

Keywords: automatic verification, cryptographic protocols, noninterference, process 
algebra, verification tool 



20 Cry ptogra phic protocols/ network security: Efficient self-healing group key distribution 

^ with revocation capabilit y 

^ Donggang Liu, Peng Ning, Kun Sun 

October 2003 Proceedings of the 10th ACM conference on Computer and 
communications security CCS '03 

Publisher: ACM Press 

Full text available- f 5 ! Ddff237 61 KB) Additlonal Information: full citation , abstract , references , citings , index 
^ r terms 

This paper presents group key distribution techniques for large and dynamic groups over 
unreliable channels. The techniques proposed here are based on the self-healing key 
distribution methods (with revocation capability) recently developed by Staddon et al. 
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[27]. By Introducing a novel personal key distribution technique, this paper reduces (1) 
the communication overhead of personal key share distribution from 0(t 2 log q) to 0 
(tlogq), (2) the communication overhead of self-healing key ... 

Keywords: group key distribution, key management, self-healing 
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